From: David Endler (DEndler iDefense.com)
Date: Wed Nov 07 2001 - 08:57:32 CST
Hello,
iDEFENSE Labs has released a paper today entitled "Brute-Force Exploitation
of Web Application Session IDs." It covers the basics of brute-forcing web
applications through guessing or reverse engineering state session IDs which
are often used for authentication purposes. Several examples are shown
using some familiar web sites and applications on how stealing or mimicking
a legitimate user's credentials is possible. All relevant vendors and site
administrators were informed responsibly before publication.
The paper is available at the top of http://www.idefense.com/papers.html
David Endler
Director, iDEFENSE Labs
dendler idefense.com
www.idefense.com